Getting Data In

Community Activity

Filter csv logs before indexing I want exclude fields bar and baz with all their values before indexing. I have CSV log: foo,bar,baz abc,123,456 a... by krylov Explorer in Getting Data In 05-18-2017 0 2	0	2
Does monitoring similar files within a directory log require a separate props.conf configuration? Hello, I am struggling with a directory monitoring problem. I have a directory with a ton of different incremental l... by centrafraserk Path Finder in Getting Data In 05-18-2017 0 3	0	3
Why do I have so many established TCP connections from one host? I have a Windows host (192.168.2.2) which has a universal forwarder installed and is setup to talk to my single insta... by danielsofoulis Path Finder in Getting Data In 05-17-2017 0 3	0	3
Is it possible to edit props.conf from Splunk Web? Hi Friends, I've added a custom application in SPLUNK which utilizes LINE_BREAKER and SHOULD_LINEMERGE features of p... by gauravmishra15 Path Finder in Getting Data In 05-17-2017 3 5	3	5
Convert String to Date then display Latest Date I have this search \|inputlookup fdss2017.csv\|search "SCCM Last Policy Request"=* \|fields "SCCM Last Policy Request"... by JoshuaJohn Contributor in Getting Data In 05-17-2017 0 2	0	2
Split the name Hi, I have a values name like AV:EC2:ES:401 and AV:EC2 Now I want to show only EC2 how to show it. Can anyone pleas... by dchalasani Path Finder in Getting Data In 05-17-2017 0 19	0	19
Why is the Universal Forwarder reporting the wrong IP to Deployment Server? I have about 6 hosts that are reporting their IP address to my deployment server incorrectly. They are running Unive... by JDukeSplunk Builder in Getting Data In 05-17-2017 0 8	0	8
Retrieve output data from Splunk Hi there, We want to get data from Splunk after a Splunk search has outputted the data in a file. Case In Splunk we... by JosIJntema Explorer in Getting Data In 05-17-2017 0 2	0	2
confirm if heavy forwarder is receiving any data. We have 6.5 Splunk instance configured as a heavy forwarder. We are forwarding data from Cloud PAAS service and that... by vikram_m Path Finder in Getting Data In 05-17-2017 0 1	0	1
Why can't I ingest data? I need help to figure out why my environment is not ingesting data. I am on a single laptop I have four VMs install... by mhouse3 Path Finder in Getting Data In 05-16-2017 0 31	0	31
How to understand "Splunk software can extract only dates from a source, not times. If you need to extract a time from a source, use a transform." " The note is here, http://docs.splunk.com/Documentation/Splunk/6.6.0/Data/HowSplunkextractstimestamps But I have a pro... by jimmyzhangau New Member in Getting Data In 05-16-2017 0 3	0	3
How can I monitor the same file on different drives in windows? I'm trying to monitor the same file on different drives on Windows systems. I tried putting a wildcard into the inpu... by deloach Engager in Getting Data In 05-15-2017 0 5	0	5
What is the infrastructure recommendation based on daily volume? What is the infrastructure recommendation for ~40-50GB/day with ~150 servers? Can VM be deployed vs Physical servers... by bayman Path Finder in Getting Data In 05-15-2017 0 3	0	3
Using wildcards * in lookup csv files Hi to all, I'm using a csv file to categorize event actions extracted by a log file. I'm extracting events action (... by andreac81 Explorer in Getting Data In 05-15-2017 0 1	0	1
What could be causing Splunk to log my data under the wrong hostname? Hello, I recently added my meraki appliance as a datasource on my Splunk instance (reading from a file that syslog-n... by lacrosse1991 Explorer in Getting Data In 05-14-2017 0 5	0	5
How to extract Fields custom JSON File in Splunk I have custom JSON File on Splunk but SPATH command is not able to extract the fields from the data. Can any one sugg... by ashish9433 Communicator in Getting Data In 05-13-2017 0 1	0	1
Save token values so they can persist beyond session timeout I have a dashboard, where I can select a number of items from a list of many thousand. These selected items are added... by bowesmana SplunkTrust in Getting Data In 05-13-2017 0 4	0	4
How to get Splunk know the Account name when the Local or Global Group changed in Windows server 2008? Hi all, I found a problem when I migrate Splunk from Windows server 2003 to Windows server 2008. I created a alert f... by zyxcc New Member in Getting Data In 05-13-2017 0 1	0	1
How do I capture unique API list my application is using through Splunk? I have paths like this: https://100.100.100.100:8080/rest/config/L3UCPE-API:services/service-list/{uniqueId}/ https:... by vijaydudipala88 New Member in Getting Data In 05-12-2017 0 5	0	5
How often indexes or sourcetypes are being searched? Hi All, I'd like to create a report that shows how often users are performing searches against indexes, or even sou... by jguzowski Engager in Getting Data In 05-12-2017 1 2	1	2
Why am I unable to see the forwarder but data is being received? Hi, I setup a forwarder on a linux server and setup Splunk to listen on port 9997 and I added the index name (cisco) ... by Lenval06 Engager in Getting Data In 05-12-2017 0 6	0	6
How to delete an app listing on Splunkbase? How do I delete or remove my app from Splunkbase? by wnguyen Splunk Employee in Getting Data In 05-12-2017 0 1	0	1
Why has Splunk stopped real time monitoring of log files? I have my Splunk configured to monitor 3 directories, there our simulator keeps placing new .log files. It used to w... by coronelfoca Explorer in Getting Data In 05-12-2017 0 14	0	14
Windows Server 2016: Support by Splunk Enterprise & Universal Forwarder Server 2016 was released approximately 6 months ago, but it is still not listed as a supported OS on the system requi... by helge Builder in Getting Data In 05-12-2017 0 4	0	4
How to change sourcetype on indexer based on the value of source? Hi, My data flows in from the forwarder where index=idx1 and sourcetype=sourcetypeA have been set using inputs.conf.... by deepak02 Path Finder in Getting Data In 05-12-2017 0 7	0	7